The analyst team of ThreatBook has continuously followed more than 100 hacker groups active around the world over the past three years. After a major security incident occurs, ThreatBook immediately produces an analysis report to help enterprise users respond quickly and deal effectively with the possible security threats.

Recently, ThreatBook has discovered hackers using the WebLogic vulnerability (CVE-2017-3248) and the WebLogic WLS component vulnerability (CVE-2017-10271) to launch wide-ranging remote attacks on enterprise servers. A large number of enterprise servers have been compromised, and the number of attacked enterprises is showing a clear upward trend, which deserves close attention. Among them, CVE-2017-12071 is the latest remote code execution vulnerability in the WLS component of Oracle WebLogic, and its details have not been published.

On October 24, 2017, security companies such as Kaspersky and ESET found Bad Rabbit, a new type of ransomware, spreading rapidly in Eastern European countries, at a speed no lower than that of NotPetya in May and the WannaCry ransomworm in June of this year. So far, it has attacked Russia, Ukraine, Bulgaria and Turkey and has spread to the United States. ThreatBook has analysed and followed up on the incident, and our main findings include.

On November 14, 2017, US-CERT released an analysis report on FALLCHILL and Volgmer, tools often used by the "Hidden Cobra" group (Lazarus), pointing out that the group is backed by the North Korean government. ThreatBook has also recently published many internal analysis reports on the group's attack trends. By comparison, we found that the FALLCHILL described in the US-CERT report is highly consistent with the capabilities of the group's latest backdoor program that we identified. The specific contents include.

WhiteElephant, also known as Patchwork or Dropping Elephant, has been active since December 2015 and has been attacking Chinese infrastructure and other business assets for a long time. In July 2016, several security companies, including Cymmetria, ANTIY, Forcepoint, Kaspersky and Symantec, disclosed it. The group mainly distributes Trojan horses through phishing mail and counterfeit websites. The Trojan horses are usually carried by Doc or PPS documents on military and political topics. The commonly exploited vulnerabilities include CVE-2012-0158 and CVE-2014-.

Spear phishing mail attacks have long been a major threat to the enterprise's perimeter defenses. Launching targeted attacks by compromising the mail system of the enterprise or one of its partners is a more potent form of spear phishing, known as a BEC (Business E-mail Compromise) attack, also called "CEO fraud". ThreatBook has compiled several cases of such attacks from recent years, summarized the typical attack scenarios and attack characteristics, and put forward defense advice accordingly.